Create a Network Load Balancer - Elastic Load Balancing

Create a Network Load Balancer

A Network Load Balancer takes requests from clients and distributes them across targets in a target group, such as EC2 instances.

Before you begin, ensure that the virtual private cloud (VPC) for your Network Load Balancer has at least one public subnet in each Availability Zone where you have targets. You must also configure a target group, to be set as the listener's default action, and register at least one target with it so that the load balancer can route traffic to the target group.

To create a Network Load Balancer using the AWS CLI, see Getting started with Network Load Balancers using the AWS CLI.

To create a Network Load Balancer using the AWS Management Console, complete the following tasks.

Step 1: Configure a target group

Configuring a target group allows you to register targets such as EC2 instances. The target group that you configure in this step is used as the target group in the listener rule when you configure your Network Load Balancer. For more information, see Target groups for your Network Load Balancers.

Requirements
  • All targets in a target group must have the same IP address type: IPv4 or IPv6.

  • You must use an IPv6 target group with a dualstack load balancer.

  • You can't use an IPv4 target group with a UDP listener for a dualstack load balancer.

To configure your target group using the console
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Target Groups.

  3. Choose Create target group.

  4. For the Basic configuration pane, do the following:

    1. For Choose a target type, select Instances to register targets by instance ID, IP addresses to register targets by IP address, or Application Load Balancer to register an Application Load Balancer as a target.

    2. For Target group name, enter a name for the target group.

    3. For Protocol, choose a protocol as follows:

      • If the listener protocol is TCP, choose TCP or TCP_UDP.

      • If the listener protocol is TLS, choose TCP or TLS.

      • If the listener protocol is UDP, choose UDP or TCP_UDP.

      • If the listener protocol is TCP_UDP, choose TCP_UDP.

    4. (Optional) For Port, modify the default value as needed.

    5. For IP address type, choose IPv4 or IPv6. This option is available only if the target type is Instances or IP addresses.

      You can't change the IP address type of a target group after you create it.

    6. For VPC, select the virtual private cloud (VPC) with the targets to register.

  5. For the Health checks pane, modify the default settings as needed. For Advanced health check settings, choose the health check port, count, timeout, interval, and success codes. If a target fails the Unhealthy threshold count of consecutive health checks, the Network Load Balancer takes it out of service. If it then passes the Healthy threshold count of consecutive health checks, the Network Load Balancer puts it back in service. For more information, see Health checks for Network Load Balancer target groups.

  6. (Optional) To add a tag, expand Tags, choose Add tag, and enter a tag key and a tag value.

  7. Choose Next.
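The threshold behaviour described for the Health checks pane above, as an added illustration that is not AWS code: it models a target's health status (initial, healthy, unhealthy) as a function of consecutive health-check results, which also explains why a freshly registered target sits in initial until it has passed enough checks. The model assumes that each threshold is the number of consecutive results required for a transition and that a target in initial becomes unhealthy after the Unhealthy threshold count of consecutive failures; the threshold values are parameters, not the console defaults.

```python
"""Target health transitions driven by consecutive health-check results.

Added illustration, not AWS code. Assumptions: a threshold is the number of
consecutive results needed for a transition, and a target in "initial" moves
to "unhealthy" after Unhealthy-threshold consecutive failures.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass
class TargetHealth:
    healthy_threshold: int    # consecutive passes needed to become healthy
    unhealthy_threshold: int  # consecutive failures needed to become unhealthy
    state: str = "initial"    # initial -> healthy <-> unhealthy
    passes: int = 0           # current run of consecutive passes
    failures: int = 0         # current run of consecutive failures

    def __post_init__(self) -> None:
        if self.healthy_threshold < 1 or self.unhealthy_threshold < 1:
            raise ValueError("thresholds must be at least 1")

    def record(self, passed: bool) -> str:
        """Feed one health-check result and return the resulting state."""
        if passed:
            self.passes += 1
            self.failures = 0  # a pass breaks any failure streak
            if self.state != "healthy" and self.passes >= self.healthy_threshold:
                self.state = "healthy"
                self.passes = 0
        else:
            self.failures += 1
            self.passes = 0  # a failure breaks any pass streak
            if self.state != "unhealthy" and self.failures >= self.unhealthy_threshold:
                self.state = "unhealthy"
                self.failures = 0
        return self.state


def simulate(results: Iterable[bool], healthy_threshold: int,
             unhealthy_threshold: int) -> List[str]:
    """Return the target's state after each check in `results`."""
    target = TargetHealth(healthy_threshold, unhealthy_threshold)
    return [target.record(r) for r in results]


def checks_until_healthy(results: Iterable[bool], healthy_threshold: int,
                         unhealthy_threshold: int) -> Optional[int]:
    """1-based index of the check at which the target first becomes healthy, or None."""
    states = simulate(results, healthy_threshold, unhealthy_threshold)
    for n, state in enumerate(states, start=1):
        if state == "healthy":
            return n
    return None


if __name__ == "__main__":
    # Constructed sample: three passes, two failures, then five passes,
    # with Healthy threshold 3 and Unhealthy threshold 2.
    sample = [True, True, True, False, False, True, True, True, True, True]
    for n, state in enumerate(simulate(sample, 3, 2), start=1):
        print(f"check {n}: {'pass' if sample[n - 1] else 'fail'} -> {state}")
```

Note that a single failed check resets the pass streak, so a target that alternates pass and fail never leaves initial; that is the case a practitioner sees when the Targets tab shows initial for longer than the interval times the Healthy threshold would suggest.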

Step 2: Register targets

You can register EC2 instances, IP addresses, or an Application Load Balancer with your target group. Registering targets is optional when you create a Network Load Balancer; however, the Network Load Balancer can route traffic only to targets that you have registered.

  1. On the Register targets page, add one or more targets as follows:

    • If the target type is Instances, select the instances, enter the ports, and then choose Include as pending below.

    • If the target type is IP addresses, select the network, enter the IP addresses and ports, and then choose Include as pending below.

    • If the target type is Application Load Balancer, select an Application Load Balancer.

  2. Choose Create target group.

Step 3: Configure a load balancer and a listener

To create a Network Load Balancer, you must first provide basic configuration information for your Network Load Balancer, such as a name, scheme, and IP address type. Then provide information about your network and one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and a port for connections from clients to the Network Load Balancer. For more information about supported protocols and ports, see Listener configuration.

To configure your Network Load Balancer and listener using the console
  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Load Balancers.

  3. Choose Create load balancer.

  4. Under Network Load Balancer, choose Create.

  5. Basic configuration

    1. For Load balancer name, enter a name for your Network Load Balancer. For example, my-nlb. The name of your Network Load Balancer must be unique within your set of Application Load Balancers and Network Load Balancers for the Region. It can have a maximum of 32 characters, and contain only alphanumeric characters and hyphens. It must not begin or end with a hyphen, and it must not begin with internal-.

    2. For Scheme, choose Internet-facing or Internal. An internet-facing Network Load Balancer routes requests from clients to targets over the internet. An internal Network Load Balancer routes requests to targets using private IP addresses.

    3. For IP address type, choose IPv4 if your clients use IPv4 addresses to communicate with the Network Load Balancer or Dualstack if your clients use both IPv4 and IPv6 addresses to communicate with the Network Load Balancer.

  6. Network mapping

    1. For VPC, select the VPC that you used for your EC2 instances.

      If you selected Internet-facing for Scheme, only VPCs with an internet gateway are available for selection.

    2. [Dualstack load balancer] You can't add a UDP listener to a dualstack load balancer unless you turn on Enable prefix for IPv6 source NAT.

    3. For Mappings, select one or more Availability Zones and corresponding subnets. Enabling multiple Availability Zones increases the fault tolerance of your applications. You can specify subnets that were shared with you.

      For internet-facing Network Load Balancers, you can select an Elastic IP address for each Availability Zone. This provides your Network Load Balancer with static IP addresses. Alternatively, for an internal Network Load Balancer, you can assign a private IP address from the IPv4 range of each subnet instead of letting AWS assign one for you.

      For a load balancer with source NAT enabled, you can enter a custom IPv6 prefix or let AWS assign one for you.

  7. For Security groups, we preselect the default security group for your VPC. You can select other security groups as needed. If you don't have a suitable security group, choose Create a new security group and create one that meets your security needs. For more information, see Create a security group in the Amazon VPC User Guide.

    Warning

    If you don't associate any security groups with your Network Load Balancer now, you can't associate them later on.

  8. Listeners and routing

    1. The default is a listener that accepts TCP traffic on port 80. You can keep the default listener settings, or modify Protocol and Port as needed.

    2. For Default action, select a target group to forward traffic. If you didn't create a target group previously, you must create one now. You can optionally choose Add listener to add another listener (for example, a TLS listener).

      You can't use an IPv4 target group with a UDP listener for a dualstack load balancer.

    3. (Optional) Add tags to categorize your listener.

    4. For Secure listener settings (available only for TLS listeners), do the following:

      1. For Security policy, choose a security policy that meets your requirements.

      2. For ALPN policy, choose a policy to enable ALPN or choose None to disable ALPN.

      3. For Default SSL certificate, choose From ACM (recommended) and select a certificate. If you don't have an available certificate, you can import a certificate into ACM or use ACM to provision one for you. For more information, see Issuing and managing certificates in the AWS Certificate Manager User Guide.

  9. (Optional) You can use Add-on services with your Network Load Balancer. For example, you can add the following:

    • You can choose to have AWS Global Accelerator create an accelerator for you and associate your Network Load Balancer with the accelerator. The accelerator name can have the following characters (up to 64 characters): a-z, A-Z, 0-9, . (period), and - (hyphen). After the accelerator is created, go to the AWS Global Accelerator console to finish configuring it. For more information, see Add an accelerator when you create a load balancer.

    • You can choose to add monitoring to the Network Load Balancer for your application's internet traffic, by adding the Network Load Balancer to Amazon CloudWatch Internet Monitor. For more information, see Add a monitor with a Network Load Balancer.

  10. Tags

    (Optional) Add tags to categorize your Network Load Balancer. For more information, see Tags.

  11. Summary

    Review your configuration, and choose Create load balancer. A few default attributes are applied to your Network Load Balancer during creation. You can view and edit them after creating the Network Load Balancer. For more information, see Load balancer attributes.
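A pre-flight check for the settings described in Steps 1 through 3, as an added example that is not AWS or console code: it encodes only the constraints this page states (the listener to target group protocol pairing, the dualstack and UDP restrictions, the load balancer name format, and the security group warning) so that a planned configuration can be validated before it is entered in the console. The dataclass names, field names and sample IDs are constructed for illustration.

```python
"""Pre-flight validation of Network Load Balancer settings.

Added example, not AWS code: encodes the constraints stated on this page so a
planned configuration can be checked before it is entered in the console.
All type names, field names and sample IDs are constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Listener protocol -> target group protocols the console offers for it (Step 1)
ALLOWED_TARGET_PROTOCOLS: Dict[str, Set[str]] = {
    "TCP": {"TCP", "TCP_UDP"},
    "TLS": {"TCP", "TLS"},
    "UDP": {"UDP", "TCP_UDP"},
    "TCP_UDP": {"TCP_UDP"},
}
NAME_RE = re.compile(r"[A-Za-z0-9-]{1,32}")  # max 32 chars, alphanumeric or hyphen


@dataclass
class TargetGroupSpec:
    name: str
    protocol: str         # TCP, TLS, UDP or TCP_UDP
    port: int
    ip_address_type: str  # "IPv4" or "IPv6"; fixed after creation


@dataclass
class ListenerSpec:
    protocol: str
    port: int
    target_group: TargetGroupSpec  # the default action forwards here


@dataclass
class LoadBalancerSpec:
    name: str
    scheme: str                    # "internet-facing" or "internal"
    ip_address_type: str           # "IPv4" or "Dualstack"
    listeners: List[ListenerSpec]
    security_group_ids: List[str] = field(default_factory=list)
    ipv6_source_nat_prefix: bool = False  # "Enable prefix for IPv6 source NAT"


@dataclass
class ValidationResult:
    errors: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.errors


def validate_name(name: str) -> List[str]:
    """Load balancer name rules from Step 3 (Basic configuration)."""
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append(f"name {name!r}: 1-32 alphanumeric characters or hyphens only")
    if name.startswith("-") or name.endswith("-"):
        errors.append(f"name {name!r}: must not begin or end with a hyphen")
    if name.startswith("internal-"):
        errors.append(f"name {name!r}: must not begin with 'internal-'")
    return errors


def validate_listener(lb: LoadBalancerSpec, lst: ListenerSpec) -> List[str]:
    """Listener/target group pairing rules from Steps 1 and 3."""
    errors = []
    where = f"listener {lst.protocol}:{lst.port}"
    allowed = ALLOWED_TARGET_PROTOCOLS.get(lst.protocol)
    if allowed is None:
        return [f"{where}: unsupported listener protocol"]
    if not 1 <= lst.port <= 65535:
        errors.append(f"{where}: port out of range")
    tg = lst.target_group
    if tg.protocol not in allowed:
        errors.append(f"{where}: target group {tg.name!r} uses {tg.protocol}; "
                      f"allowed: {sorted(allowed)}")
    if lb.ip_address_type == "Dualstack":
        # Step 1: a dualstack load balancer needs an IPv6 target group (this
        # also rules out an IPv4 target group behind a UDP listener).
        if tg.ip_address_type != "IPv6":
            errors.append(f"{where}: dualstack load balancer requires an IPv6 target group")
        # Step 3 (Network mapping): UDP on dualstack needs the source NAT prefix.
        if lst.protocol == "UDP" and not lb.ipv6_source_nat_prefix:
            errors.append(f"{where}: UDP on dualstack requires 'Enable prefix for IPv6 source NAT'")
    return errors


def validate(lb: LoadBalancerSpec) -> ValidationResult:
    """Run every check; errors block creation, warnings are advisory."""
    result = ValidationResult()
    result.errors += validate_name(lb.name)
    if lb.scheme not in ("internet-facing", "internal"):
        result.errors.append(f"scheme {lb.scheme!r}: must be internet-facing or internal")
    if lb.ip_address_type not in ("IPv4", "Dualstack"):
        result.errors.append(f"IP address type {lb.ip_address_type!r}: must be IPv4 or Dualstack")
    if not lb.listeners:
        result.errors.append("at least one listener with a default target group is required")
    for lst in lb.listeners:
        result.errors += validate_listener(lb, lst)
    if not lb.security_group_ids:
        # Console warning: security groups can't be associated after creation.
        result.warnings.append("no security groups selected; they can't be added after creation")
    return result


if __name__ == "__main__":
    # Constructed sample plan: internet-facing IPv4 load balancer, TCP:80 listener.
    web = TargetGroupSpec("my-targets", "TCP", 80, "IPv4")
    plan = LoadBalancerSpec("my-nlb", "internet-facing", "IPv4",
                            [ListenerSpec("TCP", 80, web)], ["sg-0123456789abcdef0"])
    r = validate(plan)
    print("ok" if r.ok else "\n".join(r.errors), *r.warnings, sep="\n")
```

The missing-security-group case is deliberately a warning rather than an error: the console allows it, but because the association cannot be made later, treating it as a blocking finding in a review pipeline is usually the safer default.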

Step 4: Test the load balancer

After creating your Network Load Balancer, you can verify that your EC2 instances have passed the initial health check, and then test that the Network Load Balancer is sending traffic to your EC2 instances. To delete the Network Load Balancer, see Delete a Network Load Balancer.

To test the Network Load Balancer
  1. After the Network Load Balancer is created, choose Close.

  2. In the left navigation pane, choose Target Groups.

  3. Select the new target group.

  4. Choose Targets and verify that your instances are ready. If the status of an instance is initial, it's probably because the instance is still in the process of being registered or it has not passed the minimum number of health checks to be considered healthy. After the status of at least one instance is healthy, you can test your Network Load Balancer. For more information, see Target health status.

  5. In the navigation pane, choose Load Balancers.

  6. Select the new Network Load Balancer.

  7. Copy the DNS name of the Network Load Balancer (for example, my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com). Paste the DNS name into the address field of an internet-connected web browser. If everything is working, the browser displays the default page of your server.